Cisco to ship networking gear to vacant addresses to circumvent the NSA
March 19, 2015
Cisco security chief John Stewart said this morning that the networking equipment maker
will start shipping its network gear to vacant addresses, in an effort to circumvent the NSA's
secret spying initiatives.
The so-called dead drop shipments will help to neutralize an operation, revealed by Edward Snowden,
whereby the U.S. federal agency would intercept networking gear and install various backdoors in it before
the equipment reached customers.
The interception campaign was first revealed in May 2014. Speaking at a Cisco Live press panel in
Melbourne today, Stewart says Cisco will ship with fake identities and vacant addresses for its
most sensitive customers, in cases where it is suspected that the NSA could be involved.
"We ship networking equipment to an address that has nothing to do with the customer, and then
you have no idea who ultimately it is going to," Stewart says.
"When customers are truly worried, it causes other issues to make interception more difficult
in that federal agencies don't quite know where that router or switch is going so it's very hard to
target. You'd then have to target all of them or none at all. There is always going to be inherent
risk," he added.
Stewart added that some customers drive up to a distributor and pick up hardware at the door. He
says nothing could guarantee protection against the NSA, however.
"If you had a machine in an airtight area, I stop the controls by which I mitigate risk when I ship
it," he says, adding that hardware technologies can make malicious tampering "incredibly difficult".
Cisco has poked around its routers for possible spy chips, but to date hasn't found anything because it
doesn't necessarily know what NSA taps may look like, according to Stewart.
After the hacking campaign, Cisco CEO John Chambers wrote a letter to U.S. President Barack Obama
saying the NSA's spying would undermine the global technology industry.
Fellow panelist Mike Burgess, chief security officer for Australia's dominant telco Telstra,
says the telecom provider is confident it will be able to secure the swelling pools of data the
nation's government will force it to collect under soon-to-be-enacted data retention laws.
The former officer of Australia's Defence Signals Directorate said the swelling
data pools will turn companies into honeypots for hackers, and staff with access to the databases
into prime targets for various phishing campaigns.
He was unsure how much data retention will cost the telco, but insisted that it will impose
a monetary overhead and rejected claims it can be covered without much expense under existing
The impending cost overheads prompted telcos to write to Federal Attorney General George Brandis
and Communications Minister Malcolm Turnbull, requesting some government input.
Stewart points out that various hacking groups are likely, with sufficient time and effort,
to be successful at targeting systems such as data retention databases.
"If a truly dedicated team is coming after you for a very long period of time, then the probability
of them succeeding goes up fast," he says.
Telecom service providers should not focus on the financial cost of protecting those databases and
instead ensure that acceptable risk levels are met, he says.